Amazon Web Services, for all its essential curb appeal, can still cause grief for the unwary and unprepared cloud administrator. Because most issues are either identical to those of traditional operations or related to migration issues, they're easy to handle. Still, anticipating them can remove some of the angst.
For Amazon Web Services (AWS) beginners, most mistakes occur during the instance-selection process: provisioning Elastic Compute Cloud (EC2) instances and choosing the type of storage needed. Networking problems are less common but have a more negative effect.
"The network build-out and the way to access AWS resources is the most critical area to get right," said Joe Coyle, CTO of Capgemini North America in Southfield, Mo.
In the AWS consumption-based model, admins can quickly remediate improper provisioning using AWS capacity and toolsets. However, a networking error can bring the migration and user access process to a halt. Another costly error centers on the choice between on-demand instances and reserved instances.
"This type of error has no compute or performance issues, but could carry a large financial impact," Coyle added.
IT teams may assume that functions on the ground have a one-to-one correspondence with those in the cloud. So, it's easy to imagine that you can move a favorite tool straight to the cloud with your AWS migration, but it doesn't always work that way, noted Andrew Siemer, chief architect at Austin, Texas-based Clear Measure, a software engineering firm. Furthermore, there are some cases where having servers close to your workers is better.
Get the picture, put thought into configurations
Similarly, IT pros may not put enough preparation into configuration management. There are all types of configuration issues to consider, including those that ship with code and others pulled in from central management. Configurations can vary depending on deployment settings; this may introduce unknown or unforeseen oddities in the system.
"Not having a complete picture of what configuration is, is a bigger issue, though it isn't specific to AWS," Siemer added.
Many problems stem from the migration process, noted Avishai Wool, CTO at AlgoSec and instructor for an online course in AWS migration and security. But identifying all of an application's traffic flows is not easy.
"Many organizations have poor records of such information, especially for east-west traffic flows within the data center that do not cross any traditional firewall along their path," Wool said. Migrating even one endpoint with an east-west flow means that the flow has to be explicitly allowed by some firewall rules -- either in the AWS firewall or in the traditional firewall.
"If you don't know about the flow's existence, you will neglect to write the necessary firewall rules and traffic that's critical to the application will be blocked," he added.
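The check Wool describes can be run before cut-over by comparing observed flows against the planned firewall rules. The following is an added example, not code from the article or from AlgoSec; the flow records, addresses, rule set and function names are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data (not from the article): flows observed in the
# data center and the firewall rules planned for the migration.
Flow = namedtuple("Flow", "src dst proto port")
Rule = namedtuple("Rule", "src_cidr dst_cidr proto port_lo port_hi")

OBSERVED_FLOWS = [
    Flow("10.1.0.10", "10.1.0.20", "tcp", 5432),  # app -> db, east-west
    Flow("10.1.0.10", "10.1.0.30", "tcp", 6379),  # app -> cache, east-west
    Flow("192.0.2.7", "10.1.0.10", "tcp", 443),   # client -> app, north-south
    Flow("10.1.0.40", "10.1.0.50", "tcp", 22),    # unrelated to the migration
]
MIGRATING = {"10.1.0.10"}  # hypothetical endpoint being moved to AWS
PLANNED_RULES = [
    Rule("0.0.0.0/0", "10.1.0.10/32", "tcp", 443, 443),
    Rule("10.1.0.10/32", "10.1.0.20/32", "tcp", 5432, 5432),
]


def rule_allows(rule, flow):
    """True if the rule's protocol, port range and both CIDRs match the flow."""
    return (
        flow.proto == rule.proto
        and rule.port_lo <= flow.port <= rule.port_hi
        and ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src_cidr)
        and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst_cidr)
    )


def uncovered_flows(flows, migrating, rules):
    """Flows with a migrating endpoint on either side that no rule allows."""
    touched = [f for f in flows if f.src in migrating or f.dst in migrating]
    return [f for f in touched if not any(rule_allows(r, f) for r in rules)]


if __name__ == "__main__":
    for f in uncovered_flows(OBSERVED_FLOWS, MIGRATING, PLANNED_RULES):
        print("no rule for", f)
```

The result is only as complete as the flow inventory fed into it, which is the gap the quote points at: a flow that was never recorded cannot be reported as uncovered.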
What's more, things can go wrong and results may vary if you depend too much on tools that promise easy cloud migration without any changes, explained Dave Bartoletti, principal analyst at Forrester Research, Cambridge, Mass. "You should investigate those claims; you still might need to do some post-migration reconfiguration of the app because it may work in AWS but won't provide full value unless you re-architect," he said.
"If you buy an F1 race car but only install a lawn mower engine, it won't work too well," added Shlomo Swidler, CEO of N.Y.-based consultancy Orchestratus. In the case of AWS, the lawn mower engine is the equivalent mistake of failing to take advantage of AWS features, such as the ability to easily set up multiple environments. "People regularly underestimate the value of setting up independent environments," Swidler said. "This is especially true of large enterprises accustomed to doing things in an IT-centric way, with Active Directory and strict DNS."
Consider your application needs
Then there are peculiarities related to specific loads or applications. SAP HANA is one workload that continues to challenge Capgemini, Coyle said.
"We have customers running HANA in AWS in test and production, but large -- over 1 terabyte -- loads are not yet supported," he said, although AWS is working quickly to solve this. Similarly, when a client wants to migrate a data set too large to move comfortably over the network given the available bandwidth, the alternative of copying the data to specific types of drives and shipping them to AWS for uploading has been somewhat time-intensive and challenging, he added.
AWS may create unrealistic expectations for some organizations, Siemer noted.
"In reality, the cloud is just another form of infrastructure with a different management and design story," he said. Thus, in many cases, you have to design, plan around and understand the cloud. "Like any computer system, it only does what you tell it to do. That requires upfront understanding," he said.